18 lines
1.0 KiB
Markdown
18 lines
1.0 KiB
Markdown
# Captcha Bypass
|
|
|
|
## Captcha Bypass
|
|
|
|
To **automate **the **testing **of some functions of the server that allows user input it **could **be **needed **to **bypass **a **captcha **implementation. Test these things:
|
|
|
|
* **Do not send the parameter** related to the captcha.
|
|
* Change from POST to GET or other HTTP Verbs
|
|
* Change to JSON or from JSON
|
|
* Send the **captcha parameter empty**.
|
|
* Check if the value of the captcha is **in the source code **of the page.
|
|
* Check if the value is **inside a cookie.**
|
|
* Try to use an **old captcha value**
|
|
* Check if you can use the **same **captcha **value **several times with** the same or different sessionID.**
|
|
* If the captcha consists on a **mathematical operation **try to **automate **the **calculation.**
|
|
* If the captcha consists on **read characters from an image**, check manually or with code **how many images** are being used and if only a **few images are being used, detect them by MD5.**
|
|
* Use an **OCR **([https://github.com/tesseract-ocr/tesseract](https://github.com/tesseract-ocr/tesseract)).
|